Am Dienstag, den 25.10.2016, 22:40 +0100 schrieb Dimitri John Ledkov: > > > Can you paste contents of your ubuntu-keyring_*_all.deb? e.g. > > > output > > > of $ dpkg-deb -c ubuntu-keyring_*_all.deb > > > > > > > Here is my contents of the .deb und .udeb package: > > > > this is good. > > > > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./etc/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./etc/apt/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/ > > -rw-r--r-- root/root 1201 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/mytest-keyring-2016-test.gpg > > -rw-r--r-- root/root 3422 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/ubuntu-keyring-2004-archive.gpg > > -rw-r--r-- root/root 3147 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/ubuntu-keyring-2004-cdimage.gpg > > -rw-r--r-- root/root 2796 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg > > -rw-r--r-- root/root 2794 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./usr/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./usr/share/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./usr/share/doc/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 > > ./usr/share/doc/ubuntu-keyring/ > > -rw-r--r-- root/root 157 2016-10-25 21:51 > > ./usr/share/doc/ubuntu-keyring/README.gz > > -rw-r--r-- root/root 2163 2016-10-25 21:51 > > ./usr/share/doc/ubuntu-keyring/changelog.gz > > -rw-r--r-- root/root 1242 2016-10-25 21:51 > > ./usr/share/doc/ubuntu-keyring/copyright > > drwxr-xr-x root/root 0 2016-10-25 21:51 > > ./usr/share/keyrings/ > > -rw-r--r-- root/root 13360 2016-10-25 21:51 > > ./usr/share/keyrings/ubuntu-archive-keyring.gpg > > -rw-r--r-- root/root 0 2016-10-25 21:51 > > ./usr/share/keyrings/ubuntu-archive-removed-keys.gpg > > -rw-r--r-- root/root 1227 2016-10-25 21:51 > > ./usr/share/keyrings/ubuntu-master-keyring.gpg > > > > and > > > > this is not. > > > > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./etc/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./etc/apt/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/ > > -rw-r--r-- root/root 1201 2016-10-25 21:51 > > ./etc/apt/trusted.gpg.d/mytest-keyring-2016-test.gpg > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./usr/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 ./usr/share/ > > drwxr-xr-x root/root 0 2016-10-25 21:51 > > ./usr/share/keyrings/ > > -rw-r--r-- root/root 13360 2016-10-25 21:51 > > ./usr/share/keyrings/ubuntu-archive-keyring.gpg > > > > so for udeb case, i believe "mytest-keyring-2016-test.gpg" keys > should > be inside the ubuntu-archive-kerying.gpg but only in the .udeb. > > So for sake of simplicity, i guess you have to do both: > 1) import your key into /usr/share/keyrings/ubuntu-archive- > keyring.gpg > 2) ship your key as a key fragment in the /etc/apt/trusted.gpg.d/ > (already done above) > > I guess I really should look into fixing d-i to use trusted.gpg.d > just > like the installed systems to avoid all the confusing. Because it > really is a nightmare now in yakkety. I'm so sorry, that I did not > test / thought of ISO customizations when migrating ubuntu to the key > fragments. > > Regards, > > Dimitri. > > > > > > > > > > > > > > > > > > > apt_ftparchive -c config-rel release cd/dists/yakkety > > > > > cd/dists/yakkety/Release > > > > gpg --yes --no-default-keyring --keyring ./ubuntu-archive- > > > > keyring.gpg -a --default-key <mykey> --output > > > > cd/dists/yakkety/Release.gpg --detach-sig > > > > cd/dists/yakkety/Release > > > > cd cd; md5sum `find ! -name "md5sum.txt" ! -path "./isolinux/*" > > > > -follow -type f` > md5sum.txt; cd .. > > > > genisoimage -o output.iso -r -J -no-emul-boot -boot-load-size 4 > > > > -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat > > > > ./cd > > > > > > > > The cd installation will abort with > > > > > > > > apt configuration problem > > > > An attempt to configure apt to install additional packages from > > > > CD > > > > failed. > > > > > > > > The debug output on vt4 show me > > > > > > > > gpgv: Signature made Tue .... > > > > gpgv: using RSA key > > > > gpgv: Can't check signature: No public key > > > > . > > > > . > > > > apt-setup: W: Signature verification failed for > > > > /media/cdrom/diss/yakkety/Release.gpg > > > > > > > > I verified the install ubuntu-archive-keyring.gpg on my build > > > > host > > > > with > > > > > > > > gpgv --keyring ./ubuntu-archive-keyring.gpg > > > > cd/dists/yakkety/Release.gpg cd/dists/yakkety/Release > > > > > > ubuntu-archive-keyring.gpg file is not used by apt, on installed > > > systems, in yakkety and up. > > > > > > gpgv --keyring /etc/apt/trusted.gpg.d/your-key-name.gpg > > > cd/dists/yakkety/Release.gpg cd/dists/yakkety/Release > > > > > > must work, and for that you must ship > > > /etc/apt/trusted.gpg.d/your-key-name.gpg in the ubuntu-keyring > > > .deb > > > package. > > > > > > > > > > > > > > > gpgv: Signature made Tue Oct 25 14:55:11 2016 CEST > > > > gpgv: using RSA key > > > > gpgv: Good signature from "Signing Key Namexx <x...@yyy.com>" > > > > > > > > So it looks good for me. Any idea? > > > > > > > >
I modified the filesystem.squashfs and replace the ubuntu-archive- keyring.gpg with my version and added my /etc/apt/trusted.gpg.d/mykey.gpg. This brings me a little step further since the key check is passed, but the installation in unable to find a kernel. chroot /target apt-cache search linux doesn't show me a kernel. Other packages are still there :-( -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
